Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

CCleaner.v...97.exe

windows7-x64

7

CCleaner.v...97.exe

windows10-2004-x64

7

$EXEDIR/CC...er.exe

windows7-x64

1

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

6

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...64.exe

windows7-x64

7

$EXEDIR/CC...64.exe

windows10-2004-x64

1

$EXEDIR/CC...ng.dll

windows7-x64

1

$EXEDIR/CC...ng.dll

windows10-2004-x64

1

$EXEDIR/CC...49.dll

windows7-x64

1

$EXEDIR/CC...49.dll

windows10-2004-x64

1

$EXEDIR/CC...58.dll

windows7-x64

1

$EXEDIR/CC...58.dll

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

1

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

6

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...64.exe

windows7-x64

7

$EXEDIR/CC...64.exe

windows10-2004-x64

1

$EXEDIR/CC...49.dll

windows7-x64

1

$EXEDIR/CC...49.dll

windows10-2004-x64

1

$EXEDIR/CC...58.dll

windows7-x64

1

$EXEDIR/CC...58.dll

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

1

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...er.exe

windows7-x64

6

$EXEDIR/CC...er.exe

windows10-2004-x64

1

$EXEDIR/CC...64.exe

windows7-x64

7

$EXEDIR/CC...64.exe

windows10-2004-x64

1

$EXEDIR/CC...ng.dll

windows7-x64

1

$EXEDIR/CC...ng.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $EXEDIR/CCleaner Free/CCleaner.exe

  • Size

    3.5MB

  • MD5

    e62ed5a7a2f21c5f377f924a33e12792

  • SHA1

    6c3a1155aaee92c07a7f27dd64441c491ce733c2

  • SHA256

    0199f5db10554a6138d7caf3d9d8a4b6ebfb49746b9523616406a4ed471ff39f

  • SHA512

    38332209c797ecde26fa9cf9617b6a2daa2735f1ac08a1ae07384f487fb03c0bea4be1ef4159a7157456ec32e61ba386b23736cd4223e8840bbb555f70f190f0

  • SSDEEP

    49152:HCvqo9q6j2zeKp4xJJVD68j+AfnL5d6z9CY7Jx34mo1xohq/n5tjS+7:HCFjW4jD68j++deskTJoToG7

Score
6/10

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 7 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\CCleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\CCleaner.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\CCleaner64.exe
      "C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\CCleaner.exe"
      2⤵
      • Checks for any installed AV software in registry
      • Checks processor information in registry
      PID:1500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$EXEDIR\CCleaner Free\ccleaner.ini
    Filesize

    76B

    MD5

    816577f4ad8679f48aa8f309ffe45c2f

    SHA1

    df7b93cfc78f959dc12133be8d7591b0909d12f6

    SHA256

    265d87362102b2b0a8ac36f4de5a260b4c369b9de7dad309ac3a353be16323ad

    SHA512

    d8b06f32328ce1804fd72029323a50eca9bf676705a26c0885a94e1176246485580bf6f1116de33c1c4f11bc326c32279d4b681fbf7580dfb1cea291479c2158

    Download Submit

  • memory/1500-1-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1500-263-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download